CVE-2008-0506

Coppermine Photo Gallery < 1.4.14 - Improper Input Validation

Description

include/imageObjectIM.class.php in Coppermine Photo Gallery (CPG) before 1.4.15, when the ImageMagick picture processing method is configured, allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) quality, (2) angle, or (3) clipval parameter to picEditor.php.

Exploits (3)

exploitdb · WORKING POC · VERIFIED
by Metasploit · ruby, webapps, php
https://www.exploit-db.com/exploits/16909

exploitdb · WORKING POC · VERIFIED
by waraxe · text, webapps, php
https://www.exploit-db.com/exploits/5019

metasploit · WORKING POC · EXCELLENT
by Janek Vind, jduck · ruby, poc
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/unix/webapp/coppermine_piceditor.rb

Scores

EPSS 0.8839
EPSS Percentile 99.5%

Details

CWE CWE-20
Status published
Products (1)
coppermine/coppermine_photo_gallery < 1.4.14
Published Jan 31, 2008
Tracked Since Feb 18, 2026